上篇文章分享了keystone的安装配置,本文接着分享openstack的镜像服务glance。
--------------- 完美的分割线 ----------------
3.0.glance概述
1)glance作用和特性
用户使用镜像服务 (glance) 允许来创建,查询虚拟机镜像。它提供了一个 REST API,允许查询虚拟机镜像的 metadata 并获取一个现存的镜像
可以将虚拟机镜像存储到各种位置,如简单的文件系统或者是对象存储系统,例如 OpenStack 对象存储, 并通过镜像服务使用
上传指定的文件作为后端配置镜像服务,默认目录是 /var/lib/glance/images/。
2)glance镜像服务的组件
glance-api:
用于接收镜像REST API的调用,诸如镜像查找,获取,上传,删除
glance-registry:
用于与mysql数据库交互,监听端口为9191,
提供镜像元数据相关的REST接口,用于存储、处理和恢复镜像的元数据(metadata),元数据包括项诸如大小和类型。
通过glance-registry可以向数据库中写入或获取镜像的各种数据
其中有两张表,image表保存了镜像格式大小等信息,image property表保存进行的定制化信息
注意:glance-registry是私有内部服务,用于服务OpenStack Image服务。不能向用户暴露
image:镜像文件的存储仓库
支持多种类型的仓库,它们有普通文件系统、对象存储、RADOS块设备、HTTP、以及亚马逊S3。另外,其中一些仓库仅支持只读方式使用。
image store:
是一个存储的接口层,通过这个接口glance可以获取镜像,支持的存储有亚马逊的S3,openstack本身的swift,还有ceph,sheepdog,GlusterFS等分布式存储
image store是镜像保存与获取的接口,仅仅是一个接口层,具体的实现需要外部的存储支持
数据库:
存放镜像元数据,用户是可以依据个人喜好选择数据库的,多数的部署使用MySQL或SQLite。
元数据定义服务:
通用的API,是用于为厂商,管理员,服务,以及用户自定义元数据。
这种元数据可用于不同的资源,例如镜像,工件,卷,配额以及集合。
一个定义包括了新属性的键,描述,约束以及可以与之关联的资源的类型。
3.1.在控制端安装镜像服务glance
1)创建glance数据库
mysql -p123456
----------------------------------
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
flush privileges;
exit
----------------------------------
#
3.2.在keystone上面注册glance
1)在keystone上创建glance用户
# 以下命令在local_user表创建glance用户
cd /server/tools
source keystone-admin-pass.sh
openstack user create --domain default --password=glance glance
openstack user list
# 实例演示:
[root@openstack01 tools]# openstack user create --domain default --password=glance glance
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 82a27e65ca644a5eadcd54ff44e5e05b |
| name | glance |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@openstack01 tools]# openstack user list
+----------------------------------+--------+
| ID | Name |
+----------------------------------+--------+
| 82a27e65ca644a5eadcd54ff44e5e05b | glance |
| cbb2b3830a8f44bc837230bca27ae563 | myuser |
| e5dbfc8b394c41679fd5ce229cdd6ed3 | admin |
+----------------------------------+--------+
2)在keystone上将glance用户添加为service项目的admin角色(权限)
# 以下命令无输出
openstack role add --project service --user glance admin
3)创建glance镜像服务的实体
# 以下命令在service表中增加glance项目
openstack service create --name glance --description "OpenStack Image" image
openstack service list
# 实例演示:
[root@openstack01 tools]# openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | 6c31f22e259b460fa0168ac206265c30 |
| name | glance |
| type | image |
+-------------+----------------------------------+
[root@openstack01 tools]# openstack service list
+----------------------------------+----------+----------+
| ID | Name | Type |
+----------------------------------+----------+----------+
| 63c882889b204d81a9867f9b7c0ba7aa | keystone | identity |
| 6c31f22e259b460fa0168ac206265c30 | glance | image |
+----------------------------------+----------+----------+
4)创建镜像服务的 API 端点(endpoint)
# 以下命令会在endpoint表增加3条项目
openstack endpoint create --region RegionOne image public http://192.168.1.81:9292
openstack endpoint create --region RegionOne image internal http://192.168.1.81:9292
openstack endpoint create --region RegionOne image admin http://192.168.1.81:9292
openstack endpoint list
# 实例演示:
[root@openstack01 tools]# openstack endpoint create --region RegionOne image public http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | f13c44af4e8d45d5b0229ea870f2c24f |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 6c31f22e259b460fa0168ac206265c30 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@openstack01 tools]# openstack endpoint create --region RegionOne image internal http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 756084d018c948039d2ae55b13fc7d4a |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 6c31f22e259b460fa0168ac206265c30 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@openstack01 tools]# openstack endpoint create --region RegionOne image admin http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 7226f8f9c7164214b815821b77ae3ce6 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 6c31f22e259b460fa0168ac206265c30 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@openstack01 tools]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------+
| 7226f8f9c7164214b815821b77ae3ce6 | RegionOne | glance | image | True | admin | http://controller:9292 |
| 756084d018c948039d2ae55b13fc7d4a | RegionOne | glance | image | True | internal | http://controller:9292 |
| b8dabe6c548e435eb2b1f7efe3b23236 | RegionOne | keystone | identity | True | admin | http://controller:5000/v3/ |
| eb72eb6ea51842feb67ba5849beea48c | RegionOne | keystone | identity | True | internal | http://controller:5000/v3/ |
| f13c44af4e8d45d5b0229ea870f2c24f | RegionOne | glance | image | True | public | http://controller:9292 |
| f172f6159ad34fbd8e10e0d42828d8cd | RegionOne | keystone | identity | True | public | http://controller:5000/v3/ |
+----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------+
# 至此,glance在keystone上面注册完成,可以进行安装
3.3.安装glance相关软件
1)检查Python版本
# 在安装glance前需要确认系统的Python版本
# 在当前版本中有一个bug在Python3.5中可能会有ssl方面的问题,以下是详情页面
https://docs.openstack.org/glance/rocky/install/get-started.html#running-glance-under-python3
Running Glance Under Python3¶
You should always run Glance under whatever version of Python your distribution of OpenStack specifies.
If you are building OpenStack yourself from source, Glance is currently supported to run under Python2 (specifically, Python 2.7 or later).
Some deployment configuration is required if you wish to run Glance under Python3. Glance is tested with unit and functional tests running Python 3.5. The eventlet-based server that Glance runs, however, is currently affected by a bug that prevents SSL handshakes from completing (see Bug #1482633). Thus if you wish to run Glance under Python 3.5, you must deploy Glance in such a way that SSL termination is handled by something like HAProxy before calls reach Glance.
python --version
[root@openstack01 tools]# python --version
Python 2.7.5
2)安装glance软件
yum install openstack-glance python-glance python-glanceclient -y
3)执行以下命令可以快速配置glance-api.conf
openstack-config --set /etc/glance/glance-api.conf database connection mysql+pymysql://glance:glance@controller/glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken www_authenticate_uri http://controller:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://controller:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken password glance
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
openstack-config --set /etc/glance/glance-api.conf glance_store stores file,http
openstack-config --set /etc/glance/glance-api.conf glance_store default_store file
openstack-config --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/
4)执行以下命令可以快速配置glance-registry.conf
openstack-config --set /etc/glance/glance-registry.conf database connection mysql+pymysql://glance:glance@controller/glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken www_authenticate_uri http://controller:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_url http://controller:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken password glance
openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
# 查看生效的配置
[root@openstack01 tools]# grep '^[a-z]' /etc/glance/glance-api.conf
connection = mysql+pymysql://glance:glance@controller/glance
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = glance
flavor = keystone [root@openstack01 tools]# grep '^[a-z]' /etc/glance/glance-registry.conf
connection = mysql+pymysql://glance:glance@controller/glance
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = glance
flavor = keystone
# 至此,glance服务安装完毕,该服务需要启动
4.4.同步glance数据库
1)为glance镜像服务初始化同步数据库
# 生成的相关表(15张表)
su -s /bin/sh -c "glance-manage db_sync" glance
2)同步完成进行连接测试
# 保证所有需要的表已经建立,否则后面可能无法进行下去
mysql -h192.168.1.81 -uglance -pglance -e "use glance;show tables;"
实例演示:
[root@openstack01 tools]# mysql -h192.168.1.81 -uglance -pglance -e "use glance;show tables;"
+----------------------------------+
| Tables_in_glance |
+----------------------------------+
| alembic_version |
| image_locations |
| image_members |
| image_properties |
| image_tags |
| images |
| metadef_namespace_resource_types |
| metadef_namespaces |
| metadef_objects |
| metadef_properties |
| metadef_resource_types |
| metadef_tags |
| migrate_version |
| task_info |
| tasks |
+----------------------------------+
3.5.启动glance镜像服务
1)启动glance镜像服务、并配置开机自启动
systemctl start openstack-glance-api.service openstack-glance-registry.service
systemctl status openstack-glance-api.service openstack-glance-registry.service systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl list-unit-files |grep openstack-glance*
2)其他命令:重启,停止
systemctl restart openstack-glance-api.service openstack-glance-registry.service
systemctl stop openstack-glance-api.service openstack-glance-registry.service
实例演示:
[root@openstack01 tools]# systemctl start openstack-glance-api.service openstack-glance-registry.service
[root@openstack01 tools]# systemctl status openstack-glance-api.service openstack-glance-registry.service
● openstack-glance-api.service - OpenStack Image Service (code-named Glance) API server
Loaded: loaded (/usr/lib/systemd/system/openstack-glance-api.service; disabled; vendor preset: disabled)
Active: active (running) since 五 2018-10-26 21:54:42 CST; 237ms ago
Main PID: 5420 (glance-api)
CGroup: /system.slice/openstack-glance-api.service
└─5420 /usr/bin/python2 /usr/bin/glance-api 10月 26 21:54:42 openstack01.zuiyoujie.com systemd[1]: Started OpenStack Image Service (code-named Glance) API server.
10月 26 21:54:42 openstack01.zuiyoujie.com systemd[1]: Starting OpenStack Image Service (code-named Glance) API server... ● openstack-glance-registry.service - OpenStack Image Service (code-named Glance) Registry server
Loaded: loaded (/usr/lib/systemd/system/openstack-glance-registry.service; disabled; vendor preset: disabled)
Active: active (running) since 五 2018-10-26 21:54:43 CST; 77ms ago
Main PID: 5421 (glance-registry)
CGroup: /system.slice/openstack-glance-registry.service
└─5421 /usr/bin/python2 /usr/bin/glance-registry 10月 26 21:54:43 openstack01.zuiyoujie.com systemd[1]: Started OpenStack Image Service (code-named Glance) Registry server.
10月 26 21:54:43 openstack01.zuiyoujie.com systemd[1]: Starting OpenStack Image Service (code-named Glance) Registry server...
[root@openstack01 tools]# systemctl enable openstack-glance-api.service openstack-glance-registry.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-api.service to /usr/lib/systemd/system/openstack-glance-api.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-registry.service to /usr/lib/systemd/system/openstack-glance-registry.service.
[root@openstack01 tools]# systemctl list-unit-files |grep openstack-glance*
openstack-glance-api.service enabled
openstack-glance-registry.service enabled
openstack-glance-scrubber.service disabled
3.6.检查确认glance安装正确
# 可以下载小型的Linux镜像CirrOS用来进行 OpenStack部署测试。
# 下载地址:http://download.cirros-cloud.net/
1)下载镜像
cd /server/tools
wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
2)获取管理员权限
source keystone-admin-pass.sh
3)上传镜像到glance
# 使用qcow2磁盘格式, bare容器格式上传镜像到镜像服务并设置公共可见,这样所有的项目都可以访问它
openstack image create "cirros" --file cirros-0.3.5-x86_64-disk.img --disk-format qcow2 --container-format bare --public
实例演示:
[root@openstack01 tools]# openstack image create "cirros" --file cirros-0.3.5-x86_64-disk.img --disk-format qcow2 --container-format bare --public
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| checksum | f8ab98ff5e73ebab884d80c9dc9c7290 |
| container_format | bare |
| created_at | 2018-10-26T14:02:00Z |
| disk_format | qcow2 |
| file | /v2/images/78f5671b-fb2d-494f-8da7-25dbe425cad6/file |
| id | 78f5671b-fb2d-494f-8da7-25dbe425cad6 |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros |
| owner | 3706708374804e2eb4ed056f55d84666 |
| properties | os_hash_algo='sha512', os_hash_value='f0fd1b50420dce4ca382ccfbb528eef3a38bbeff00b54e95e3876b9bafe7ed2d6f919ca35d9046d437c6d2d8698b1174a335fbd66035bb3edc525d2cdb187232', os_hidden='False' |
| protected | False |
| schema | /v2/schemas/image |
| size | 13267968 |
| status | active |
| tags | |
| updated_at | 2018-10-26T14:02:00Z |
| virtual_size | None |
| visibility | public |
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
4)查看镜像
openstack image list
实例演示:
[root@openstack01 tools]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 78f5671b-fb2d-494f-8da7-25dbe425cad6 | cirros | active |
+--------------------------------------+--------+--------+
# 至此glance镜像服务安装完成,启动成功
======== 完毕,呵呵呵呵 ========